XYGATE User Authentication Reference Manual
XYPRO Technology Corporation 129 Proprietary and Confidential
Chapter 15. Mapping NonStop IDs to Alternative Authentication Databases
XUA provides the capability to map the NonStop user database to an alternative
authentication database such as LDAP, RSA SecurID or RADIUS.
One or more mapping rules can be specified in the UAACL file at the UAGroup level.
These mapping rules will only apply to the UAGroup for which they are configured.
The mapping rules are composed of a regular expression matching the NonStop
userids and operators specifying what action should be applied to the matched string.
Example: Sample UAGROUP with mapping
ACLGROUP $TECH-IDS TECH.*
ACLGROUP $APPL-IDS APPL.* underlying:111,*
ACLGROUP $QA-IDS alias:"qa*"
ACLGROUP $EVERYONE *.* alias:"*"
UAGROUP RSA-AUTHENTICATE
FROM_USER $EVERYONE
TO_USER $TECH-IDS $APPL-IDS $QA-IDS
RSA_AUTHENTICATE ON
RSA_REQUIRE_PASSWORD OFF
! Strips off GROUP names
! Then changes USER names to lower case
! Then appends the string "@mycompany.local" to the lower case name
!map re:"^.*\." delete
!map re:"JANEG" replace "janeg" exit
!map re:"MARCIA" replace "marcia"
!map re:"^.*$" append "@mycompany.local" exit
UAGROUP EVERYONE-ELSE
FROM_USER $EVERYONE
TO_USER $EVERYONE
RSA_AUTHENTICATE OFF
In this example, the logon names of the users specified in the UAGROUP
RSA-AUTHENTICATE are mapped to RSA User Account names using the MAP
keyword sequences. Based on this UAGROUP, if user TECH.OPER1 logs on to the
NonStop server, the user will not be required to provide a NonStop password but will
be presented with a PASSCODE prompt. The PASSCODE the user enters will be sent
to the RSA Authentication Manager for authentication and validated against the
OPER1 RSA User Account.
Important! When a Guardian user name is used for mapping, it should be specified in
uppercase format. For example, specify TECH.OPER1 instead of tech.oper1.
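The following is an added example, not XYPRO code: a small Python simulator for previewing which external account name a rule chain like the sample's would produce before it is deployed. It assumes the four map lines are active, that the operators behave as the sample's comments describe (the exact semantics of delete, replace, append and exit are assumptions), and that matching is case-sensitive; the function name map_userid and all logon names other than TECH.OPER1 are constructed for illustration.

```python
import re

# The four rules from the sample UAGROUP as (pattern, operator, argument, exit).
# Operator semantics are assumptions, not taken from XUA itself:
#   delete  - remove the matched text
#   replace - substitute the matched text with the argument
#   append  - add the argument to the end of the name
#   exit    - stop evaluating further rules once this rule has matched
SAMPLE_RULES = [
    (r"^.*\.", "delete", None, False),
    (r"JANEG", "replace", "janeg", True),
    (r"MARCIA", "replace", "marcia", False),
    (r"^.*$", "append", "@mycompany.local", True),
]


def map_userid(userid, rules=SAMPLE_RULES):
    """Return (mapped_name, trace) for one NonStop userid."""
    name, trace = userid, []
    for pattern, op, arg, stop in rules:
        match = re.search(pattern, name)  # case-sensitive (assumed)
        if match is None:
            continue  # rule does not apply; its exit flag is ignored
        if op == "delete":
            name = name[:match.start()] + name[match.end():]
        elif op == "replace":
            name = name[:match.start()] + arg + name[match.end():]
        elif op == "append":
            name = name + arg
        else:
            raise ValueError(f"unknown operator: {op}")
        trace.append((pattern, op, name))
        if stop:
            break
    return name, trace


if __name__ == "__main__":
    # Constructed logon names; only TECH.OPER1 appears in the manual text.
    for uid in ("TECH.OPER1", "TECH.JANEG", "APPL.MARCIA"):
        mapped, steps = map_userid(uid)
        print(f"{uid:12} -> {mapped}")
        for pattern, op, result in steps:
            print(f"    {op:8} {pattern!r:12} => {result}")
    # A rule written in lowercase never matches the uppercase Guardian name.
    lower_rule = [(r"tech\.oper1", "replace", "oper1", True)]
    print(map_userid("TECH.OPER1", lower_rule))
```

Under these assumptions TECH.JANEG leaves the chain as janeg without the domain suffix, because its replace rule carries exit, while APPL.MARCIA continues to the append rule.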